Skill v0.1.1
ClawScan security
Hostex · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 8:51 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match a Hostex API client, but the registry metadata omits required environment variables (HOSTEX_ACCESS_TOKEN, HOSTEX_ALLOW_WRITES, HOSTEX_BASE_URL) and the source/homepage are unknown — verify before providing credentials or enabling writes.
- Guidance: This package appears to be a straightforward Hostex API client (read operations by default, write operations require HOSTEX_ALLOW_WRITES=true and --confirm). However:
  1. The registry metadata claims no required credentials even though the SKILL.md and scripts require HOSTEX_ACCESS_TOKEN (and optionally HOSTEX_ALLOW_WRITES and HOSTEX_BASE_URL) — treat this as a red flag and verify the publisher before supplying credentials.
  2. Prefer creating and using a read-only Hostex PAT.
  3. If you run the included scripts, run them in an isolated environment and check what they log (the code redacts tokens, but error objects may include redacted token snippets).
  4. Enabling HOSTEX_ALLOW_WRITES grants the skill the ability to make changes — require staged tests and manual confirmation.
  5. Verify hostex.io and the unknown skill source (no homepage) to ensure you're not giving credentials to a malicious or typo-squatted endpoint.
  If you want higher assurance, ask the publisher to correct the registry metadata to declare HOSTEX_ACCESS_TOKEN as the primary credential and provide a verifiable source/homepage.
Review Dimensions
- Purpose & Capability (note): Name/description, OpenAPI file, and scripts consistently implement a Hostex API client (read and guarded write operations). However, the registry metadata lists no required credentials while the SKILL.md and scripts require HOSTEX_ACCESS_TOKEN (and optionally HOSTEX_ALLOW_WRITES/HOSTEX_BASE_URL). This metadata mismatch is unexpected.
- Instruction Scope (ok): SKILL.md and the scripts restrict actions to the Hostex API and local OpenAPI caching; write operations are gated by an environment flag and an explicit --confirm flow. There are no instructions to read unrelated files or exfiltrate data to third-party endpoints.
- Install Mechanism (ok): No install spec (instruction-only). Scripts are included in the bundle, but there is no download-from-URL or third-party package installation. Risk from the install mechanism is low.
- Credentials (concern): The skill legitimately requires an API token (HOSTEX_ACCESS_TOKEN) and optionally HOSTEX_ALLOW_WRITES and HOSTEX_BASE_URL, but the registry metadata declares no required env vars or primary credential. Requesting a Hostex PAT is proportional for the stated purpose, but the omission from the metadata is an incoherence that should be resolved before granting credentials.
- Persistence & Privilege (ok): The "always" flag is false, and the skill does not request automatic persistent privileges or modify other skills. The openapi-sync script writes a local openapi.json copy under skills/hostex/references, which is reasonable for caching but worth noting.
